FYI - I've already been told that I just sent everyone what was the real key (excised below) :-( , but it's now been changed...

Oh well, live and learn... Thanks again to Jeff, Doug and Derrick for the help!
---
Tony.

Tony D'Amato wrote:
After working the problem with Jeffrey Altman and Douglas Engert as well as Derrick Brashear offline, here's what I was doing wrong:

1) The afs/lionstest.odu.edu key was using the wrong salt... I fixed this by removing all instances of afs/lionstest.odu.edu from the keytab and from AFS (using asetkey delete) and replaced them with the proper one, then recycled the server:

kadmin: addprinc -randkey -e "des-cbc-crc:v4" afs/lionstest.odu.edu

kadmin: ktadd -e "des-cbc-crc:v4" afs/lionstest.odu.edu

[..snip..]

# asetkey add 3 /etc/krb5/krb5.keytab afs/lionstest.odu.edu

[..snip..]
2) Because I'm using a Kerberos realm name which does not match the AFS cell name, I had to enter that realm into the following two files and recycle the AFS server and client:

/usr/vice/etc/krb.conf  # for the client
/usr/afs/etc/krb.conf    # for the server

Once this was done, it worked!

# tokens

Tokens held by the Cache Manager:

User's (AFS ID 1) tokens for [email protected] [Expires Dec 12 01:58]
   --End of list--
# fs setacl /afs system:anyuser rl
# fs listacl /afs
Access list for /afs is
Normal rights:
  system:administrators rlidwka
  system:anyuser rl
#


Thanks to all of you - you're the greatest!
--
Tony D'Amato, SCSA (it's Exchange that puts "Nicholas" there)
Senior UNIX Systems Administrator
Server Support Group, OCCS
Old Dominion University


_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
